CMS7 - Patch Management does not detect change in the PMIMPORT.CAB

Pascal.KOTTE's picture
Pascal.KOTTE
July 27th, 2009

So we must uncheck the option "download only if modified", to force the download the latest CAB & getting correctly updates.

It is a pretty curious because if we look at: http://www.solutionsam.com/imports/7_0/patch/microsoft/pmimport.cab
We see the XML file contains additionnal newest XML files, not in the current C:\Program Files\Altiris\Patch Management\Downloads\pmimport.cab
When manual ask for a download, the log result is:

Log File Name: C:\Program Files\Altiris\Notification Server\Logs\a.log
Priority: 2
Date: 7/21/2009 11:56:55 AM
Tick Count: 1805852250
Host Name: X1
Process: AtrsHost (8288)
Thread ID: 64
Module: AtrsHost.exe
Source: Altiris.PatchManagementCore.Tasks.Server.PMResourceImportTask.ExecuteTask
Description: ItemTask 'Microsoft Patch Management Import' - http://www.solutionsam.com/imports/7_0/patch/micro... has not changed since the last download. It will NOT be downloaded

So to workaround: uncheck & download same file each day, except once a month, or 2 :-(

1)
I have one customer reporting this bug, not yet from others, but most ours are still in version CMS 6 ;-)
Any body else getting this same problem ?

2)
We were also surprise the long time takes the Client to report vulnerabilities, when deploying new agents (with patch plugin), all the same we force the patch cycle...
50% of the clients was not reporting (online clients), and must wait for 2 days before all reporting correctly.
Any body else get same 50% immediat patch report result, waiting for others?

Filed under: , , ,
+1 (1 vote)
jessek's picture
jessek
17 weeks 2 days ago

Same thing here

I noticed this several weeks back.  We had been getting updated pmimport.cab files for months, but then suddenly, I want to say sometime in May, we stopped getting updates and the logs kept saying that there were no pmimport.cab changes.  This was obviously not the case so I did the same thing that you did - scheduled full downloads.

I haven't noticed the issue with vulnerabilities getting reported, but I haven't been running any reports to look for that.

Jesse Kozikowski
Aspirus, Inc.

+1 (1 vote)
jessek's picture
jessek
17 weeks 2 days ago

I will say this, though. 

I will say this, though.  I have seen many "incomplete" software updates, even after reboots have occurred.  I have also seen plenty of PCs reporting that a reboot is pending even after reboots have occurred.

Jesse Kozikowski
Aspirus, Inc.

+2 (2 votes)
Pascal.KOTTE's picture
Pascal.KOTTE
9 weeks 2 days ago

thanks your reply - So nice not to be alone in the grey zone ;-)

If there are enough people feedback confirming the same, & nobody reporting it works for them, I believe we can think about BUG report escalation to Symantec ;-)

~~PaKo @ www.BeMore.ch (Sorry for the Bad English, did you speak French ? Join us https://www-secure.symantec.com/connect/groups/gro... )

0 votes
jharings's picture
jharings
9 weeks 6 days ago

I have seen this as well

whether the reboot was done by Altiris or manually (with a subsequent patch inventory run afterwards), the compliance reports showed that the system(s) were not compliant and needed a reboot. The registry key on the client definitely indicated that a reboot was not required.

Jim Harings
Technical Solutions Consultant
Xcend Group
http://xcendgroup.com

0 votes
bkaulins's picture
bkaulins
9 weeks 6 days ago

work around -

work around -

go to >  C:\Program Files\Altiris\Patch Management\Downloads\pmimport.cab and rename it to pmimport.old

Next run the pmi import again and all should be good for at least the most current.

+1 (1 vote)